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Phishing Retro Scan 


Identify the threats that have bypassed your current 
defenses to quickly remediate phishing exposure 


Greater visibility into phishing exposure 


Discover which phishing threats have already reached your end users 


With phishing attacks on the rise and social engineering tactics becoming 
more convincing, it’s no wonder why user exploitation poses the biggest 
security risk to organizations. While cloud email providers and secure 
email gateway (SEG) vendors offer various controls to limit unwanted 
emails, more targeted and deceptive phishing attacks can often bypass 


traditional security measures. 


Cloudflare, a 2023 Forrester Wave ™-recognized leader in Enterprise 
Email Security’, offers a self-service tool that retroactively scans Office 
365 inboxes in minutes to identify malicious and unwanted emails that 
have been delivered over the past 14 days. This includes identifying 
active phishing attacks that have evaded existing security controls and 
are already in the inbox, posing an immediate threat to your organization. 


Running a retro scan 


ee ee 


e Scan Office 365 inboxes in 


1. Log in to existing Cloudflare 
dash account (or create a free 
account if one doesn’t exist) 


. Access “Area 1” from left 
navigation bar 


. Run scan by clicking “Generate 
Retro Scan Report” button 


. Complete steps to authorize 
Microsoft 365 access and select 
email domain(s) to scan 


. Review report once scan has 
completed (email confirmation 
will be sent once scan is done) 


minutes to immediately see 
malicious and unwanted emails 
delivered over the past 14 days 


View and download a customized 


report that provides both an 
overview and detailed breakdown 
of emails flagged during the scan 


Connect with an email security 
expert to better understand the 
types of threats detected and how 
to best remediate exposure 
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Run a free phishing retro 
scan to instantly see: 


Who within your 
organization is most 
frequently targeted 


How many malicious and 
unwanted emails are 
sitting in your inboxes 


What specific threat 
types are evading your 
current defenses 


Which attack groups and 
phishing tactics are 
targeting your users 


Where malicious and 
unwanted emails are 
originating 
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Example retro scan results 


See a detailed breakdown of malicious and unwanted 
emails sitting in your inbox 


Running a retro scan provides a full phishing 
assessment in minutes, detailing the frequency and 
type of threats that have reached your inboxes over 
the past 14 days, including active phishing attacks that 
have already bypassed Microsoft's built-in protections 
and any deployed email security solutions. 


Once the scan is complete, a report is generated to 
provide both an overview of threat types discovered, 
as well as contextual data for each email identified. 
Emails flagged during the scan include: 


e Malicious: Phishing emails that contain harmful 
payloads, links, or other deceptive elements. 
These emails seek to exploit users trust in an 
attempt to gain unauthorized access or commit 
financial fraud. 


e Suspicious: Potentially harmful emails that 
appear to have malicious intent. These emails 
often require time and resources to investigate. 


e Spoof: Phishing emails that attempt to trick 
users into thinking a message came from a 
person or entity they know and trust. 


° Bulk: Emails from sales and marketing 
campaigns. While harmless, bulk emails are 
time-consuming and distracting. 


° Spam: Unwanted emails that are harmless, but 
clog up inboxes and disrupt user workflows. 
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Bulk emails 


Emails from sales & marketing campaigns. 


Spam emails 


Unwanted emails you wish to no longer receive. 


Phish emails 


Emails that are suspected to have malicious intent. 


12 Malicious 


Contained a harmful payload. 


3 Suspicious 
Appeared to have harmful intent. 


1 Spoof 
J Pretended to be from a trusted source. 
| 
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Sample phishing attack detected 
QR codes are an increasingly popular phishing tactic for bypassing email security 


While there are many clever and evasive phishing tactics in use today, QR codes are being 
leveraged more frequently by attackers to evade email security controls and pivot the user to 
a less secure attack channel, which in this case happens to be a mobile device. The goal of 
the attack is to bait the user into scanning the QR code and open the underlying malicious link 
that leads to a spoofed login page in an effort to steal the user's credentials. 


Cloudflare uses an array of sophisticated techniques to identify QR code attacks, including 
optical character recognition (OCR) and ML-powered contextual analysis. Together, these 
techniques deconstruct and cross-validate the language and various elements within the 
message to determine the authenticity of the sender. The sample phish below shows how 
attackers utilize brand impersonation and malicious links to deceive users. 


Date/Time 09/28/2023 5:10:59 AM 


From E-Sign| Required-{NoReply} <noriko29@amail.plala.or.jp> 

To ee eo 

Subject SignRequired:Please Review: Document Shared #01-4000400(REVISED).pdf 
--28/Sep/2023 - DO NOT REPLY*) 

Category Malicious A DMARC NONE @ SPF PASS A DKIM NONE 


Threat Type CredentialHarvester, IdentityDeception, Brandimpersonation 


(Payment Receipt) 


secured document 


Malicious link hidden within QR code to direct 
users to a fake login page 


Please complete with your electronic signature by following the QR above. 


Thank You! 


Powered by DoaSign | pi 
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Why Cloudflare? 


One unified platform 


Secure access Threat defense Data protection 
by verifying and by covering all channels by increasing visibility 
segmenting any user with network-powered and control of data in 
to any resource Al/ML & threat intel transit, at rest & in use 


One programmable network 


Lateral More effective More productive More agile 
Movement by simplifying by ensuring fast, reliable, by innovating rapidly to 
connectivity and and consistent user meet your evolving 


policy management experiences everywhere security requirements 


z . 
Private 
. 


Ready to see what's lurking in 
your inboxes? 


Run a retro scan 


1. Source: The Forrester Wave™: Enterprise Email Security, Q2, 2023 


The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave are 
trademarks of Forrester Research, Inc. The Forrester Wave is a graphical representation of 
Forrester's call on a market and is plotted using a detailed spreadsheet with exposed scores, 
weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in 
the Forrester Wave. Information is based on best available resources. Opinions reflect judgment 


at the time and are subject to change. 
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